CVE-2026-5343 PUBLISHED

SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

Assigner: drupal
Reserved: 01.04.2026 Published: 28.05.2026 Updated: 28.05.2026

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.

This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.

Product Status

Vendor: Drupal
Product: SAML SSO - Service Provider
Versions (default: unaffected):
  • affected from 0.0.0 to 3.1.4 (excl.)

Credits

  • Tim de Jong | Freelance Drupal Developer (tim_dj), finder
  • Sudhanshu Dhage (sudhanshu0542), remediation developer
  • Damien McKenna (damienmckenna), coordinator
  • Greg Knaddison (greggles), coordinator
  • Juraj Nemec (poker10), coordinator
  • Jess (xjm), coordinator

References

Problem Types

  • CWE-754 Improper Check for Unusual or Exceptional Conditions

Impacts

  • CAPEC-233 Privilege Escalation